Traditionally a Point of Sale (POS) within a merchant premises includes a POS terminal. The POS terminal typically comprises a computer that is configured to initiate electronic payment transactions by supplying customer provided information to a remote payment gateway, usually over the internet, and receiving a payment authorisation message from the payment gateway. The POS terminal may include or be in communication with related hardware such as a PIN Entry Device (PED) that reads an electronic payment card and verifies customer identity (e.g. via a PIN entry). The POS terminal is typically operated by a member of staff associated with the merchant, although ‘self-service’ POS terminals operated by customers are also available. In both cases, the POS terminal is located such that it can be easily monitored by the merchant to prevent fraudulent use. Typically, this is achieved by locating the POS terminal within the merchant's premises themselves. Transactions performed using this type of POS hardware are referred to as ‘card present’ transactions.
It is desirable to provide an inexpensive unattended payment mechanism for initiating electronic payments. By ‘unattended’ it is meant a payment mechanism that is either entirely unsupervised by a merchant, or is only infrequently supervised by a merchant.
One inexpensive unattended payment mechanism is to provide a facility to effect a transaction remotely from a location at which it is not possible or desirable to provide a supervised POS terminal. An example of this is a telephone transaction, where a customer telephones a representative of the merchant and provides payment card details over the telephone. These types of transaction are known in the art as ‘card not present’ transactions.
A problem with card not present transactions is that they are inherently less secure than transactions where a customer is present at a point of sale. For example, a third party could obtain a payment card without the knowledge of the authorised owner of the card and use this card to carry out a telephone transaction. As a result, card not present transactions carry greater risk and are correspondingly less desirable.
It is also possible to provide unattended POS hardware such as a PED and POS terminal for operation by the customer. This allows a card present transaction to be made, albeit at unattended POS hardware. However, in some cases this may not be a cost-effective solution because the amount of POS hardware required to fully serve customer needs may be prohibitively expensive. Also, the unattended POS hardware could be subject to interference such as a wedge attack, which is known in the art and described, for example, in https://www.cl.cam.ac.uk/research/security/banking/nopin/. A wedge device is a device that sits between the genuine card and the terminal and can manipulate the messages flowing between them.
There is thus a need in the art for a cost-effective unattended payment mechanism having a greater level of security than card not present payment mechanisms.
Another problem with unattended payment systems is that they may be vulnerable to attack by a third party switching component(s) of the payment system with replacement component(s) that have the appearance of being genuine but which actually allow fraudulent use of the payment system. An unsuspecting customer could then make use of the replacement component(s) without realising that they expose themselves to fraud by doing so. There is thus a need in the art for an unattended payment mechanism that clearly informs a potential customer when tampering has been attempted.
There is also a need to provide a secure way to check the identity of a user that has a payment card.